CN117118712A - Cloud mobile phone network access control method and device, cloud mobile phone and storage medium - Google Patents


Publication number
CN117118712A
Authority
CN
China
Prior art keywords
mobile phone
access
application
cloud mobile
white list
Legal status
Pending
Application number
CN202311101385.6A
Other languages
Chinese (zh)
Inventor
孙铨宇
Current Assignee
Qianxin Technology Group Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Application filed by Qianxin Technology Group Co Ltd
Priority to CN202311101385.6A
Publication of CN117118712A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

The application provides a cloud mobile phone network access control method, a device, a cloud mobile phone and a storage medium, wherein the cloud mobile phone network access control method is applied to the cloud mobile phone and comprises the following steps: acquiring a management and control strategy of a target cloud mobile phone sent by a cloud server, wherein each cloud mobile phone and a corresponding management and control strategy thereof are stored in the cloud server; and controlling the target cloud mobile phone to access the network according to the control strategy of the target cloud mobile phone. By moving the management and control strategy of network access from the cloud server to each cloud mobile phone associated with the cloud server, different management and control strategies can be configured for different cloud mobile phones, so that different cloud mobile phones are controlled to realize different network access rights, and the flexibility of cloud mobile phone access control is improved.

Description

Cloud mobile phone network access control method and device, cloud mobile phone and storage medium
Technical Field
The present application relates to the field of network control technologies, and in particular, to a cloud mobile phone network access control method and device, a cloud mobile phone, and a storage medium.
Background
With the continuous development of network technology, cloud mobile phones are gradually used in enterprises to replace traditional mobile phones. The cloud mobile phone is a mobile phone which applies a cloud computing technology to network terminal services and realizes cloud services through a cloud server. The cloud mobile phone can use related functions of the cloud application program through a screen and a network without downloading the cloud application program.
At present, network access of a cloud mobile phone is mainly controlled as follows: an administrator sets a management and control policy on the machine-room network route or the firewall of the cloud server, where the policy may list objects that the cloud mobile phone can access or objects that it cannot access. When the cloud mobile phone sends an access request to the cloud server, the cloud server, after receiving the request, judges whether it is allowed according to the management and control policy set there. If so, the access is performed based on the access request and the corresponding access result is sent back to the cloud mobile phone; if not, the access request is refused. Thus, the access control of the cloud mobile phone is realized through the network of the cloud server.
However, the network management and control policy set in the cloud server applies to all cloud mobile phones associated with the cloud server; that is, the network access control is the same for all cloud mobile phones, and personalized management cannot be achieved. For example, if "access to the financial system is forbidden" is set in the cloud server, then research and development personnel are forbidden to access the financial system from their cloud mobile phones, and enterprise financial personnel are equally forbidden to access the financial system from theirs. Thus, the flexibility of cloud mobile phone access control is reduced.
Disclosure of Invention
The embodiment of the application aims to provide a cloud mobile phone network access control method and device, a cloud mobile phone and a storage medium, so as to improve the flexibility of cloud mobile phone access control.
In order to solve the technical problems, the embodiment of the application provides the following technical scheme:
The first aspect of the application provides a cloud mobile phone network access control method, which is applied to a target cloud mobile phone and comprises the following steps: acquiring a management and control policy of the target cloud mobile phone sent by a cloud server, wherein each cloud mobile phone and its corresponding management and control policy are stored in the cloud server; and controlling the network access of the target cloud mobile phone according to the management and control policy of the target cloud mobile phone.
Compared with the prior art, the cloud mobile phone network access control method provided by the first aspect of the application can configure different control strategies for different cloud mobile phones by moving the control strategies of network access from the cloud server to each cloud mobile phone associated with the cloud server, thereby controlling the different cloud mobile phones to realize different network access rights and improving the flexibility of cloud mobile phone access control.
In other embodiments of the first aspect of the present application, the cloud server stores user identity information of each cloud mobile phone and a corresponding management and control policy thereof; before acquiring the management and control policy of the target cloud mobile phone sent by the cloud server, the method further comprises the following steps: and sending the user identity information of the target cloud mobile phone to the cloud server so that the cloud server determines the control strategy of the target cloud mobile phone according to the user identity information of the target cloud mobile phone and sends the control strategy of the target cloud mobile phone to the target cloud mobile phone.
By sending the user identity information of the target cloud mobile phone to the cloud server, the cloud server can determine the current access right of the target cloud mobile phone and then send the corresponding management and control policy to it, so that the user of the target cloud mobile phone uses it within the corresponding access right. The cloud mobile phone can therefore be allocated to users with different access rights while still performing access control correctly, which improves the flexibility of use of the cloud mobile phone.
In other embodiments of the first aspect of the present application, the controlling of the network access of the target cloud mobile phone according to its management and control policy includes: intercepting an access request of the target cloud mobile phone; judging, according to the management and control policy of the target cloud mobile phone, whether the access request is allowed; if yes, sending the access request to the cloud server so as to access the network through the cloud server; if not, refusing to send the access request to the cloud server, so that the cloud mobile phone cannot access the network.
By intercepting the access request of the target cloud mobile phone and judging the access based on the management and control strategy, the access request which is not allowed to access can be intercepted before reaching the cloud server, and the operation efficiency of the cloud server is improved.
In other embodiments of the first aspect of the present application, the management policy includes an object white list and/or an object black list, where the object white list includes an object that is allowed to be accessed, and the object black list includes an object that is forbidden to be accessed; the determining whether the access request allows access according to the management and control policy of the target cloud mobile phone includes: acquiring an object to be accessed from the access request; judging whether the object is in the object white list and/or the object black list; if the object is in the object white list, or the object is not in the object black list, or the object is in the object white list and is not in the object black list, determining that the access request allows access; if the object is not in the object white list, or the object is in the object black list, or the object is not in the object white list and is in the object black list, determining that the access request is forbidden to access; if the object is not in the object white list and is not in the object black list, sending query information of the access request to the cloud server so that the cloud server determines whether the access request allows access or not; and if the object is in the object white list and in the object black list, sending prompt information of list errors to the cloud server.
By matching the object in the access request with the object white list and the object black list, whether the access request can be accessed or not can be directly and rapidly obtained, and further, efficient network access control of the cloud mobile phone can be ensured.
In other embodiments of the first aspect of the present application, the control policy further includes an application white list and/or an application black list, where the application white list includes applications that allow access to be initiated, and the application black list includes applications that prohibit access to be initiated; before determining that the access request allows access, the method further comprises: acquiring an application initiating access from the access request; judging whether the application is in the application white list and/or the application black list; and if the object is in the object white list, or the object is not in the object black list, or the object is in the object white list and not in the object black list, determining that the access request allows access, including: and if the application is in the application white list and the object is in the object white list, or the application is not in the application black list and the object is not in the object black list, or the application is in the application white list and is not in the application black list and the object is in the object white list and is not in the object black list, determining that the access request allows access.
By judging the access authority of the application which initiates the access on the basis of the object which needs to be accessed, the access can be ensured to be within the allowable range from the initiation to the progress, and the refinement degree of network access control is improved.
In other embodiments provided in the first aspect of the present application, each application in the application white list has a correspondence with a corresponding object in the object white list, where the correspondence is used to indicate that access to the object is allowed by the application; and if the application is in the application white list and the object is in the object white list, determining that the access request allows access, including: and if the application is in the application white list, the object is in the object white list, and the corresponding relation exists between the object and the application, determining that the access request allows access.
By establishing the corresponding relation between each application in the application white list and the corresponding object in the object white list, the specific application can be controlled to access the specific object, so that the network access control is finer.
In other embodiments of the first aspect of the present application, the application white list and the application black list each include an application identifier; the determining whether the application is in the application white list and/or the application black list comprises: acquiring an identification of the application; and judging whether the identification is matched with the application identification in the application white list and/or the application black list.
By the application identification, the corresponding application can be more quickly searched out from the application list, whether the application is allowed to send out an access request or not is further determined, and the real-time performance of network access control is improved.
In other embodiments provided in the first aspect of the present application, the object whitelist includes a domain name whitelist, the object blacklist includes a domain name blacklist, the access request includes a domain name resolution request, and the object includes a domain name; after determining that the access request allows access, the method further comprises: acquiring an Internet Protocol (IP) address corresponding to the domain name; generating request information based on the IP address, wherein the request information is used for being sent to the cloud server; after determining that the access request inhibits access, the method further comprises: and refusing to acquire the Internet Protocol (IP) address corresponding to the domain name so that the target cloud mobile phone cannot access the network through the IP address.
Whether the access request can be accessed is judged through the domain name, the objects which are allowed to be accessed or the objects which are not allowed to be accessed can be listed in the domain name white list and the domain name black list, the problem that the website cluster is deployed and all the IP cannot be known is avoided, and the accuracy of network access control is improved.
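The list-matching rules of the embodiments above (object white/black list, application white/black list, application-to-object correspondence, and the domain-name check in front of IP resolution) are sketched below as an added Python example; it is not code from the patent. The names `Policy`, `check_lists`, `evaluate` and `handle_dns_request`, the sample domains and application identifiers are constructed, and the handling of a missing list, of non-allow application results and of domain normalisation are assumptions the text does not specify.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional, Set, Tuple


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    QUERY_SERVER = "query_server"  # in neither list: ask the cloud server to decide
    LIST_ERROR = "list_error"      # in both lists: report the conflict to the cloud server


def check_lists(item: str, white: Optional[Set[str]], black: Optional[Set[str]]) -> Verdict:
    """Match one item against a white list and/or a black list (None = not configured)."""
    if white is None and black is None:
        return Verdict.DENY  # assumption: fail closed when no list was delivered
    if black is None:        # white list only
        return Verdict.ALLOW if item in white else Verdict.DENY
    if white is None:        # black list only
        return Verdict.DENY if item in black else Verdict.ALLOW
    in_white, in_black = item in white, item in black
    if in_white and in_black:
        return Verdict.LIST_ERROR
    if in_white:
        return Verdict.ALLOW
    if in_black:
        return Verdict.DENY
    return Verdict.QUERY_SERVER


@dataclass
class Policy:
    domain_white: Optional[Set[str]] = None
    domain_black: Optional[Set[str]] = None
    app_white: Optional[Set[str]] = None
    app_black: Optional[Set[str]] = None
    # Correspondence: application identifier -> domains that application may access.
    app_domains: Dict[str, Set[str]] = field(default_factory=dict)


def normalize_domain(name: str) -> str:
    """Lower-case and drop the trailing root dot so 'Mail.Corp.Example.' still matches
    its list entry (assumption: list entries are stored lower-case, exact match)."""
    return name.strip().rstrip(".").lower()


def evaluate(policy: Policy, app_id: str, domain: str) -> Verdict:
    """Decide one request: object lists first, then application lists, then pairing."""
    domain = normalize_domain(domain)
    verdict = check_lists(domain, policy.domain_white, policy.domain_black)
    if verdict is not Verdict.ALLOW:
        return verdict
    if policy.app_white is None and policy.app_black is None:
        return Verdict.ALLOW  # this policy carries no application lists
    app_verdict = check_lists(app_id, policy.app_white, policy.app_black)
    if app_verdict is not Verdict.ALLOW:
        return app_verdict  # assumption: a non-allow application result decides the request
    if policy.app_domains and domain not in policy.app_domains.get(app_id, set()):
        return Verdict.DENY  # application and domain are both listed but not paired
    return Verdict.ALLOW


def handle_dns_request(policy: Policy, app_id: str, domain: str,
                       resolver: Callable[[str], Optional[str]]
                       ) -> Tuple[Verdict, Optional[str]]:
    """Resolve the domain only when the request is allowed; otherwise no IP is obtained."""
    verdict = evaluate(policy, app_id, domain)
    if verdict is Verdict.ALLOW:
        return verdict, resolver(normalize_domain(domain))
    return verdict, None  # the resolver is never called for a refused request


# Constructed sample data, modelled on the mailbox / financial-system example.
HOSTS = {"mail.corp.example": "10.0.0.25", "finance.corp.example": "10.0.0.80"}
BUSINESS = Policy(
    domain_white={"mail.corp.example"},
    app_white={"com.example.mail"},
    app_domains={"com.example.mail": {"mail.corp.example"}},
)
FINANCE = Policy(
    domain_white={"mail.corp.example", "finance.corp.example"},
    domain_black={"ads.example"},
    app_white={"com.example.mail", "com.example.ledger"},
    app_domains={"com.example.mail": {"mail.corp.example"},
                 "com.example.ledger": {"finance.corp.example"}},
)

if __name__ == "__main__":
    for pol, app, dom in [(BUSINESS, "com.example.mail", "Mail.Corp.Example."),
                          (BUSINESS, "com.example.mail", "finance.corp.example"),
                          (FINANCE, "com.example.mail", "finance.corp.example"),
                          (FINANCE, "com.example.ledger", "unknown.example")]:
        print(app, dom, handle_dns_request(pol, app, dom, HOSTS.get))
```

Normalising the name before matching matters for the black list in particular: without it, a request for `ADS.example.` would not match the entry `ads.example`.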
In other embodiments of the first aspect of the present application, the obtaining a management policy of a target cloud mobile phone sent by a cloud server includes: receiving the control strategy through a control receiving program in the target cloud mobile phone; and sending the control strategy to a network control process of the target cloud mobile phone so that the network control process controls network access of the target cloud mobile phone according to the control strategy.
By customizing a management and control receiving program in a system of each cloud mobile phone corresponding to the cloud server, a management and control strategy of network access belonging to the cloud mobile phone, which is sent by a manager through the cloud server, can be received and forwarded to a network control process in the cloud mobile phone, so that the network control process in the cloud mobile phone controls all network access in the cloud mobile phone, accurate reception of the management and control strategy is ensured, and accurate network access control is performed on the cloud mobile phone.
The second aspect of the present application provides a cloud mobile phone network access control device, the device is applied to a target cloud mobile phone, the device includes: the cloud server is used for storing the management and control policies of the target cloud mobile phones and the cloud mobile phones; and the access control module is used for controlling the target cloud mobile phone to perform network access according to the control strategy of the target cloud mobile phone.
A third aspect of the present application provides a cloud mobile phone, the cloud mobile phone comprising: a processor, a memory, a bus; the processor and the memory complete communication with each other through the bus; the processor is configured to invoke program instructions in the memory to perform the method of the first aspect.
A fourth aspect of the present application provides a computer-readable storage medium, the storage medium comprising: a stored program; wherein the program, when run, controls a device in which the storage medium is located to perform the method in the first aspect.
The cloud mobile phone network access control device provided in the second aspect of the present application, the cloud mobile phone provided in the third aspect of the present application, and the computer readable storage medium provided in the fourth aspect of the present application have the same or similar beneficial effects as the cloud mobile phone network access control method provided in the first aspect, and are not described herein.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present application will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. In the drawings, wherein like or corresponding reference numerals indicate like or corresponding parts, there are shown by way of illustration, and not limitation, several embodiments of the application, in which:
Fig. 1 is a schematic architecture diagram of a cloud mobile phone network access control method in an embodiment of the present application;
Fig. 2 is a schematic flow chart of a cloud mobile phone network access control method according to an embodiment of the present application;
Fig. 3 is a second flow chart of a cloud mobile phone network access control method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a cloud mobile phone network access control device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram II of a cloud mobile phone network access control device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a cloud mobile phone according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present application are shown in the drawings, it should be understood that the present application may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the application to those skilled in the art.
It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs.
At present, network access control is performed on a cloud mobile phone, mainly by configuring a management and control policy in a cloud server associated with the cloud mobile phone, and the cloud server controls an access request of the cloud mobile phone. However, once the configuration of the management and control policy in the cloud server is completed, the management and control policy aims at all cloud mobile phones associated with the management and control policy. The network access control of the cloud mobile phones is uniform, personalized management is not performed on the network access of different cloud mobile phones, and the flexibility of the cloud mobile phone access control is reduced.
The inventor finds that, instead of performing network access control on the cloud mobile phone through the cloud server, the management and control policy used for network access control can be moved to the cloud mobile phone, so that network access is controlled within the cloud mobile phone itself. Different management and control policies can then be configured in different cloud mobile phones, so that personalized management of the network access of different cloud mobile phones is realized and the flexibility of cloud mobile phone access control is improved.
In view of this, the embodiments of the present application provide a cloud mobile phone network access control method, apparatus, cloud mobile phone and storage medium, where each cloud mobile phone and its corresponding management policy are stored in a cloud server, and after a target cloud mobile phone obtains its management policy from the cloud server, the target cloud mobile phone generates an access request, determines whether the access request is allowed according to the management policy therein, and sends the access request to the cloud server if allowed, so that the cloud server sends the access request, thereby implementing network access of the cloud mobile phone, and does not send the access request to the cloud server if not allowed, thereby implementing blocking of network access. Different network access rights can be realized by controlling different cloud mobile phones by configuring different management and control strategies in different cloud mobile phones, and the flexibility of the access control of the cloud mobile phones is improved.
Firstly, the overall architecture of the cloud mobile phone network access control method provided by the embodiment of the application is described.
Fig. 1 is a schematic architecture diagram of a cloud mobile phone network access control method according to an embodiment of the present application, and as shown in fig. 1, the architecture may include: a plurality of cloud mobile phones 11 and one cloud server 12. The plurality of cloud mobile phones 11 are respectively connected to the cloud server 12 in a communication manner.
In the cloud server 12, each cloud mobile phone 11 and its corresponding management and control policy are stored. The cloud server 12 sends the different management and control policies to the corresponding cloud mobile phones 11. When a certain cloud mobile phone 11 needs to access a certain object, an access request is generated in the cloud mobile phone 11. Next, the cloud mobile phone 11 determines whether the access request is allowed according to the management and control policy it holds. If it is determined that the access is allowed, the cloud mobile phone 11 transmits the access request to the cloud server 12 so that the cloud server 12 transmits the access request to the corresponding location. After receiving the response information of the access request, the cloud server 12 sends the response information to the cloud mobile phone 11 that sent the access request. If it is determined that the access is not allowed, the cloud mobile phone 11 refuses to transmit the access request to the cloud server 12, and a prompt message may be generated in the cloud mobile phone 11 to indicate that the access request is not allowed. In this case the cloud server 12 never receives the access request, and the access of the cloud mobile phone 11 is thereby blocked.
Next, a detailed description is given of the cloud mobile phone network access control method provided by the embodiment of the present application.
Fig. 2 is a schematic flow chart of a cloud mobile phone network access control method according to an embodiment of the present application, and referring to fig. 2, the method may include:
S21: Acquiring the management and control policy of the target cloud mobile phone sent by the cloud server.
Each cloud mobile phone and a corresponding management and control strategy thereof are stored in the cloud server.
When different network access control needs to be performed on different cloud mobile phones, the cloud server can send the corresponding management and control policies to the different cloud mobile phones according to the control requirements, and each cloud mobile phone receives the management and control policy for its own network access. For example, in an enterprise system, cloud mobile phone A needs to be limited to accessing only the enterprise mailbox, while cloud mobile phone B can access the financial system in addition to the enterprise mailbox. Management and control policy 1 (allowing access to the enterprise mailbox) may be sent to cloud mobile phone A, and management and control policy 2 (allowing access to the enterprise mailbox and the financial system) may be sent to cloud mobile phone B. Cloud mobile phone A then holds the policy under which only the enterprise mailbox can be accessed, and cloud mobile phone B holds the policy under which only the enterprise mailbox and the financial system can be accessed; the policies received by cloud mobile phone A and cloud mobile phone B are different.
The management and control policy determines which objects the cloud mobile phone can access and which it cannot. For example, the policy may be to allow access to the enterprise mailbox, in which case the cloud mobile phone is not allowed to access any object other than the enterprise mailbox. As another example, the policy may be that access to the internet is not allowed, that is, the cloud mobile phone is only allowed to access the intranet. The specific content of the management and control policy is not limited herein.
S22: Controlling the network access of the target cloud mobile phone according to the management and control policy of the target cloud mobile phone.
After each cloud mobile phone has received its management and control policy for network access, when a user performs an access operation on the cloud mobile phone, the cloud mobile phone generates a corresponding access request and judges, according to the management and control policy, whether the request is allowed. If access is allowed, the cloud mobile phone sends the access request to the cloud server. After receiving the access request, the cloud server can send it directly to the corresponding object according to the content of the request. After the object generates response information based on the access request, the response information is sent back to the cloud server, and the cloud server sends it back to the cloud mobile phone. Thus, the cloud mobile phone realizes network access. If access is not allowed, the cloud mobile phone does not send the access request to the cloud server, and a prompt message can be generated in the cloud mobile phone to tell the user that the access is not allowed. Because the access request is blocked directly in the cloud mobile phone, it is never sent to the cloud server; this in turn prevents the cloud server from sending access information in error because it has too much access information to process, and improves the accuracy of network access control.
As can be seen from the foregoing, in the cloud mobile phone network access control method provided by the embodiment of the present application, by moving the management and control policy of network access from the cloud server to each cloud mobile phone associated with the cloud server, different management and control policies can be configured for different cloud mobile phones, so as to control different cloud mobile phones to implement different network access rights, and improve flexibility of cloud mobile phone access control.
Further, as a refinement and extension of the method shown in fig. 2, the embodiment of the application further provides a cloud mobile phone network access control method.
Fig. 3 is a second flowchart of a cloud mobile phone network access control method according to an embodiment of the present application, and referring to fig. 3, the method may include:
S31: Sending the user identity information of the target cloud mobile phone to the cloud server, so that the cloud server determines the management and control policy of the target cloud mobile phone according to that user identity information and sends the policy to the target cloud mobile phone.
The cloud server stores user identity information of each cloud mobile phone and corresponding management and control strategies thereof.
The user identity information may refer to an identifier, a name, a department to which the person currently uses the cloud mobile phone, or may refer to a department to which the person authorized to use the cloud mobile phone currently belongs, a security level, etc., and the specific content of the user identity information of the cloud mobile phone is not limited herein.
For example, assume that a financial department-allowing access to enterprise mailboxes and financial systems, and a business department-allowing access to enterprise mailboxes-are stored in a cloud server. After a person in the business department takes the cloud mobile phone, the person can send user identity information to the cloud server through the cloud mobile phone, namely the business department, and the cloud server can find a management and control strategy of 'allowing access to enterprise mailbox' according to the business department, and then send 'allowing access to enterprise mailbox' back to the cloud mobile phone. Thus, the cloud mobile phone controls the personnel of the business department to only access the enterprise mailbox and not access other contents.
S32: Receive the management and control policy through a management and control receiving program in the target cloud mobile phone.
The operating system of the cloud mobile phone can be customized. While customizing the operating system, a management and control receiving program can be configured to receive the management and control policy that an administrator sends through the cloud server. After this operating system is installed in the cloud mobile phone, an administrator who needs to control the network access of the cloud mobile phone can send a management and control policy to it through the cloud server, and the policy is received by the management and control receiving program in the cloud mobile phone.
S33: Send the management and control policy to a network control process of the target cloud mobile phone, so that the network control process controls network access of the target cloud mobile phone according to the policy.
After the management and control receiving program in the target cloud mobile phone receives the management and control policy, it can send the policy to the network control process in the target cloud mobile phone. Because network-access-related information in the cloud mobile phone only needs to be acquired and processed by the network control process, sending the policy to that process allows all network access in the target cloud mobile phone to be controlled effectively.
The network control process runs continuously while the target cloud mobile phone is operating. When the target cloud mobile phone generates an access request, the network control process can determine, according to the management and control policy, whether the access request is allowed to be sent.
S34: Intercept an access request of the target cloud mobile phone.
When the target cloud mobile phone needs to access a certain object, it generates an access request for that object. Before the target cloud mobile phone sends the access request, the management and control receiving program in the target cloud mobile phone intercepts the access request and passes it to the network control process, which determines according to the management and control policy whether the access request is allowed.
S35: Judge whether the access request is allowed according to the management and control policy of the target cloud mobile phone. If yes, execute S36; if not, execute S37.
S36: Send the access request to the cloud server, so that network access is performed through the cloud server.
After the access request in the target cloud mobile phone is determined to be allowed, the target cloud mobile phone sends the access request to the cloud server. On receiving it, the cloud server forwards the access request directly to the corresponding object according to the content of the request. The object generates response information based on the access request and sends it back to the cloud server, and the cloud server sends the response information back to the target cloud mobile phone. In this way, network access by the target cloud mobile phone through the cloud server is controlled on a per-phone basis.
S37: Refuse to send the access request to the cloud server, so that the cloud mobile phone cannot access the network.
After the access request in the target cloud mobile phone is determined to be prohibited, the target cloud mobile phone does not send the access request to the cloud server, and a prompt message may be generated in the target cloud mobile phone to inform its user that the access is not allowed on this cloud mobile phone. From the perspective of the target cloud mobile phone, the access request is blocked directly. From the perspective of the cloud server, no access request is received from the target cloud mobile phone, so the target cloud mobile phone can be regarded as not having sent an access request at this time.
To determine, based on the management and control policy, whether an access request may be issued, an object white list, an object black list, or an object black-and-white list may be configured in the policy. The object white list contains only objects that are allowed to be accessed. The object black list contains only objects that are not allowed to be accessed. The object black-and-white list comprises both an object white list and an object black list.
Specifically, the step S35 may include:
Step A1: Obtain the object to be accessed from the access request.
The access request may include the identifier and address of the information sender, the identifier and address of the information receiver, the encapsulation protocol of the information, the information content, and the like. The object to be accessed by the current access request can be obtained from the identifier or the address of the information receiver.
Step A2: Determine whether the object is in the object white list and/or the object black list.
Here, it may be determined only whether the object is in the object white list, only whether the object is in the object black list, or both whether the object is in the object white list and whether it is in the object black list.
If the object is in the object white list, or the object is not in the object black list, or the object is in the object white list and not in the object black list, step A3 is executed.
When only the object white list is stored in the cloud server, it is judged whether the object of the access request is in the object white list; if so, the access request is determined to be allowed. When only the object black list is stored in the cloud server, it is judged whether the object of the access request is in the object black list; if not, the object is allowed to be accessed and the access request is determined to be allowed. When both the object white list and the object black list are stored in the cloud server, it is judged both whether the object is in the object white list and whether it is in the object black list; if the object is in the white list and not in the black list, the object is allowed after this strict check, and the access request is determined to be allowed.
If the object is not in the object white list, or the object is in the object black list, or the object is not in the object white list and is in the object black list, step A4 is executed.
When only the object white list is stored in the cloud server, it is judged whether the object of the access request is in the object white list; if not, the object is not allowed to be accessed and the access request is determined to be prohibited. When only the object black list is stored in the cloud server, it is judged whether the object of the access request is in the object black list; if so, the access request is determined to be prohibited. When both the object white list and the object black list are stored in the cloud server, it is judged both whether the object is in the object white list and whether it is in the object black list; if the object is not in the white list and is in the black list, the object is prohibited after this strict check, and the access request is determined to be prohibited.
If the object is not in the object white list and is not in the object black list, step A5 is performed.
When both the object white list and the object black list are stored in the cloud server, it is judged both whether the object of the access request is in the object white list and whether it is in the object black list. If the object is in neither list, it is neither explicitly allowed nor explicitly prohibited, so it is unclear whether access is allowed. In this case, an inquiry as to whether the access request is allowed can be sent to the cloud server, so that the cloud server decides based on a preset rule or an administrator of the cloud server decides.
If the object is in the object white list and in the object black list, step A6 is performed.
When both the object white list and the object black list are stored in the cloud server, it is judged both whether the object of the access request is in the object white list and whether it is in the object black list. If the object is in both lists, the same object appears in the object white list and the object black list and is therefore both allowed and prohibited, which is an error. A prompt message, which may contain the object, is generated and sent to the cloud server, so that an administrator of the cloud server can promptly check whether the entry in the object white list or the object black list is wrong.
Step A3: Determine that the access request is allowed.
Step A4: Determine that the access request is prohibited.
Step A5: Send inquiry information about the access request to the cloud server, so that the cloud server determines whether the access request is allowed.
Step A6: Send prompt information about the list error to the cloud server.
Judging whether an access request is allowed from the object in the access request and the object black-and-white list covers two scenarios in practical application. One scenario restricts the corresponding application in the cloud mobile phone to accessing the corresponding object. The other restricts access based on the domain name accessed.
Scenario one: restrict the corresponding application in the cloud mobile phone to accessing the corresponding object.
That is, it is necessary to limit both which applications in the cloud mobile phone can initiate access and which objects the cloud mobile phone can access. Therefore, the management and control policy needs to include an application white list and/or an application black list in addition to the object white list and/or the object black list. The application white list contains applications that are allowed to initiate access. The application black list contains applications that are prohibited from initiating access.
While performing the above steps A1-A2, the method may further comprise:
Step B1: Obtain the application that initiated the access from the access request.
The access request may include the identifier and address of the information sender, the identifier and address of the information receiver, the encapsulation protocol of the information, the information content, and the like. Besides the identifier of the cloud mobile phone, the identifier of the information sender can also carry the icon, name, etc. of the application in the cloud mobile phone that initiated the access request; from the icon, identifier, etc. of the application in the request information, the user can know which application in the cloud mobile phone initiated the current access request.
Step B2: Determine whether the application is in the application white list and/or the application black list.
Here, it may be determined whether the application is in the application white list, whether the application is in the application black list, or both.
After the step A2 and the step B2 are finished, if the application is in the application white list and the object is in the object white list, or the application is not in the application black list and the object is not in the object black list, or the application is in the application white list and is not in the application black list and the object is in the object white list and is not in the object black list, the step A3 is executed.
When the object white list and the application white list are stored in the cloud server, if the application that initiated the access request is in the application white list, the application is allowed to initiate access; if the object of the access request is in the object white list, the object is allowed to be accessed. Both the initiator and the target of the access are then allowed, so the whole access is allowed and the access request is determined to be allowed.
When the object black list and the application black list are stored in the cloud server, if the application that initiated the access request is not in the application black list, the application is allowed to initiate access; if the object of the access request is not in the object black list, the object is allowed to be accessed. Both the initiator and the target of the access are then allowed, so the whole access is allowed and the access request is determined to be allowed.
When the object white list, the object black list, the application white list and the application black list are all stored in the cloud server, if the application that initiated the access request is in the application white list and not in the application black list, the application is allowed after this strict check; if the object of the access request is in the object white list and not in the object black list, the object is allowed after this strict check. Both the initiator and the target of the access are then explicitly allowed, so the whole access is explicitly allowed and the access request is determined to be allowed.
The above are the cases in which the access request is allowed. In the other cases, it is determined that the access request is prohibited, that it is uncertain whether the access request is allowed, or that a conflict exists in the black-and-white lists of the application or the object.
When matching an application in an access request with an application white list or an application black list, the matching may be performed by an application identification. Compared with the matching by using the application icon and the application name, the matching by using the application identifier is simpler and more efficient. Correspondingly, the application identifier is included in the application white list or the application black list.
The application identifier here may be an identification number (ID) of the application, a user identification (User Identification, UID), a universally unique identifier (Universally Unique Identifier, UUID), etc. When the operating system is installed in the target cloud mobile phone, each application in the target cloud mobile phone is assigned an identifier.
The step B2 may include:
Step B21: Obtain the identifier of the application.
The access request generally carries the identifier of the application that initiated the access, so the identifier can be obtained directly from the access request.
Step B22: Judge whether the identifier matches an application identifier in the application white list and/or the application black list.
The specific process of matching the application identifier in the access request with the application identifier in the application whitelist or the application blacklist is similar to the matching of the application in the step B2, and will not be repeated here.
It should be noted that the application identifiers in the application white list or the application black list may be configured uniformly, that is, which identifier is assigned to which application is preset. When the operating system is installed in the target cloud mobile phone, identifiers must be assigned to the applications in the target cloud mobile phone according to the same preset rule, so that access control of each application in the target cloud mobile phone can be accurately implemented through the identifiers in the application black-and-white lists.
In some cases, only a specific application is allowed to access a specific object. A correspondence then needs to be established between each application in the application white list and the corresponding object in the object white list; an application and an object that have a correspondence indicate that the cloud mobile phone is allowed to access that object through that application.
After the step B2, the method may further include:
Step B3: Judge whether the application in the application white list has a correspondence with the object in the object white list. If yes, execute step A3; if not, execute step A4.
If the application is in the application white list, the object is in the object white list, and the object has a correspondence with the application, then the application that initiated the access is allowed to initiate access, the object in the access request is allowed to be accessed, and a correspondence is established between the two, that is, the application is allowed to access the object. The access request can then be determined to be allowed.
For example, assume that an application whitelist "10000" and an object whitelist "192.168.1.100" are configured in a certain cloud mobile phone, and that "10000" and "192.168.1.100" have a correspondence relationship. When an application with UID of 10000 in the cloud mobile phone initiates an access request and needs to access an object with IP address of 192.168.1.100, the cloud mobile phone grants the application with UID of 10000 to access the object with IP address of 192.168.1.100. And when an application with UID of 20000 in the cloud mobile phone initiates an access request and needs to access an object with IP address of 192.168.1.100, the cloud mobile phone refuses the application with UID of 20000 to access the object with IP address of 192.168.1.100. When an application with UID of 10000 in the cloud mobile phone initiates an access request and needs to access an object with IP address of 192.168.1.200, the cloud mobile phone refuses the application with UID of 10000 to access the object with IP address of 192.168.1.200.
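The decision logic of steps A1 to A6 and B1 to B3, written out as an added Python example (not code from the patent). The `Policy` and `AccessRequest` shapes, the fail-closed result when no list is configured, and the order in which an application result and an object result are combined are assumptions; the sample values follow the UID/IP example above.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Set


class Decision(Enum):
    ALLOW = "A3"          # access request is allowed
    DENY = "A4"           # access request is prohibited
    QUERY_SERVER = "A5"   # in neither list: ask the cloud server
    LIST_ERROR = "A6"     # in both lists: report the conflict


@dataclass(frozen=True)
class AccessRequest:      # hypothetical shape, for illustration
    app_uid: int          # identifier of the initiating application (B1/B21)
    target: str           # object to be accessed (A1), e.g. an IP address


@dataclass
class Policy:             # hypothetical shape; None means "list not configured"
    object_white: Optional[Set[str]] = None
    object_black: Optional[Set[str]] = None
    app_white: Optional[Set[int]] = None
    app_black: Optional[Set[int]] = None
    bindings: Optional[Dict[int, Set[str]]] = None  # app -> objects it may reach (B3)


def check_lists(item, white, black) -> Decision:
    """Steps A2/B2 for one item against whichever lists are configured."""
    if white is None and black is None:
        return Decision.DENY                  # assumption: fail closed
    if white is None:                         # black list only
        return Decision.DENY if item in black else Decision.ALLOW
    if black is None:                         # white list only
        return Decision.ALLOW if item in white else Decision.DENY
    in_white, in_black = item in white, item in black
    if in_white and in_black:
        return Decision.LIST_ERROR            # same entry allowed and prohibited
    if not in_white and not in_black:
        return Decision.QUERY_SERVER          # neither allowed nor prohibited
    return Decision.ALLOW if in_white else Decision.DENY


# Assumption: when the application and object results differ, the more
# restrictive one wins, in this order.
_PRECEDENCE = [Decision.LIST_ERROR, Decision.DENY,
               Decision.QUERY_SERVER, Decision.ALLOW]


def evaluate(policy: Policy, req: AccessRequest) -> Decision:
    """Step S35: decide one intercepted access request."""
    obj = check_lists(req.target, policy.object_white, policy.object_black)
    if policy.app_white is None and policy.app_black is None:
        return obj                            # object lists only (steps A1-A6)
    app = check_lists(req.app_uid, policy.app_white, policy.app_black)
    if app is Decision.ALLOW and obj is Decision.ALLOW:
        if policy.bindings is not None:       # step B3: app/object correspondence
            allowed = policy.bindings.get(req.app_uid, set())
            return Decision.ALLOW if req.target in allowed else Decision.DENY
        return Decision.ALLOW
    return min((app, obj), key=_PRECEDENCE.index)


if __name__ == "__main__":
    # Values from the example in the text: UID 10000 is bound to 192.168.1.100.
    policy = Policy(object_white={"192.168.1.100"}, app_white={10000},
                    bindings={10000: {"192.168.1.100"}})
    for uid, ip in [(10000, "192.168.1.100"), (20000, "192.168.1.100"),
                    (10000, "192.168.1.200")]:
        print(uid, ip, evaluate(policy, AccessRequest(uid, ip)).name)
```

With a white list and a black list both configured, an entry that appears in both yields `LIST_ERROR` rather than a silent allow or deny, which is the condition step A6 reports to the cloud server.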
Scenario two: restrict the access of the cloud mobile phone by domain name.
Most current websites are deployed as clusters. A website involves many services, each of which may correspond to a different IP address, so it is difficult to enumerate all IP addresses related to a given website in a black list or a white list. The domain name of a website, by contrast, is generally easy to know and covers all services of the website. The domain name can therefore be configured in the object white list or the object black list, and whether an access request is allowed is judged by the domain name in the access request, so that no IP address of the website is missed.
Accordingly, step A1 may include: obtaining the domain name from the domain name resolution request of the target cloud mobile phone.
After the user performs access operation on the target cloud mobile phone, the target cloud mobile phone firstly determines the accessed domain name based on the access operation, and then generates a domain name resolution request based on the domain name. The management and control receiving program in the target cloud mobile phone can acquire the domain name resolution request, and then acquire the domain name from the domain name resolution request.
Accordingly, step A2 may include: judging whether the domain name is in a domain name white list and/or a domain name black list.
Here, it may be determined only whether the domain name in the domain name resolution request is in the domain name white list, only whether it is in the domain name black list, or both whether it is in the domain name white list and whether it is in the domain name black list.
If only the domain name white list exists, the step A3 is executed if the domain name in the domain name resolution request is in the domain name white list, which indicates that the domain name is allowed to be accessed, and the step A4 is executed if the domain name in the domain name resolution request is not in the domain name white list, which indicates that the domain name is prohibited to be accessed.
If only the domain name blacklist exists, the step A4 is executed if the domain name in the domain name resolution request is in the domain name blacklist, which indicates that the domain name is prohibited from being accessed, and the step A3 is executed if the domain name in the domain name resolution request is not in the domain name blacklist, which indicates that the domain name is permitted to be accessed.
If both the domain name white list and the domain name black list exist, step A3 is executed if the domain name in the domain name resolution request is in the domain name white list and is not in the domain name black list; if the domain name is not in the domain name white list or is in the domain name black list, the domain name is prohibited from being accessed and step A4 is executed.
After the above step A3, the method may include:
Step C1: Acquire the IP address corresponding to the domain name, and generate request information based on the IP address, the request information being intended for sending to the cloud server.
When the domain name in the domain name resolution request is determined to be allowed, the domain name can be resolved to obtain the IP address to be accessed. The IP address can be obtained by resolving the domain name resolution request directly, or the IP address to be accessed that corresponds to the domain name can be derived in combination with the operation record of the user in the cloud mobile phone. The specific manner of resolving the IP address is not limited here.
After the IP address to be accessed is obtained, the IP address, the requesting party, the requested content, etc. may be packaged together to generate the request information.
The request information comprises data such as the IP address, the requester and the request content. It is sent to the cloud server, which forwards it to the corresponding address, thereby carrying out the access request of the cloud mobile phone. The response information that is fed back is likewise sent to the cloud server, which then sends it to the target cloud mobile phone, completing the access process of the target cloud mobile phone.
After the above step A4, the method may include:
Step C2: Refuse to acquire the IP address corresponding to the domain name, so that the target cloud mobile phone cannot access the network through the IP address.
When the domain name in the domain name resolution request is determined not to be allowed, the process can end and the IP address of the domain name is not acquired. Thus, while access is still comprehensively controlled through the domain name, no unnecessary request information is generated, which improves the operating efficiency of the cloud mobile phone.
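Scenario two as an added Python example (not code from the patent): the domain name is taken from a DNS query in wire format, checked against the domain name lists, and only then resolved (step C1) or refused without any lookup (step C2). The function names, the shape of the request information, rejecting malformed queries, and letting a list entry cover its subdomains on a label boundary are assumptions; the sample queries are constructed.

```python
import struct
from typing import Callable, Dict, Optional, Set


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a constructed DNS A-record query, used here as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def extract_qname(packet: bytes) -> Optional[str]:
    """Step A1 for a domain name resolution request; None if malformed."""
    if len(packet) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:        # must be a query with one question
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            return None                       # truncated before the root label
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            return None                       # pointer/reserved bits or overrun
        try:
            labels.append(packet[pos:pos + length].decode("ascii").lower())
        except UnicodeDecodeError:
            return None
        pos += length
    if not labels or pos + 4 > len(packet):   # QTYPE and QCLASS must follow
        return None
    return ".".join(labels)


def in_list(domain: str, entries: Set[str]) -> bool:
    """Assumption: a lowercase entry covers itself and its subdomains.

    Matching on ".entry" keeps "evilexample.com" from matching "example.com".
    """
    return any(domain == e or domain.endswith("." + e) for e in entries)


def domain_allowed(domain: str, white: Optional[Set[str]],
                   black: Optional[Set[str]]) -> bool:
    """Step A2 for domain names; None means the list is not configured."""
    if white is None and black is None:
        return False                          # assumption: fail closed
    ok_white = white is None or in_list(domain, white)
    ok_black = black is None or not in_list(domain, black)
    return ok_white and ok_black


def handle_dns_query(packet: bytes, white: Optional[Set[str]],
                     black: Optional[Set[str]],
                     resolver: Callable[[str], str]) -> Optional[Dict[str, str]]:
    """Return request information (step C1) or None when refused (step C2)."""
    domain = extract_qname(packet)
    if domain is None or not domain_allowed(domain, white, black):
        return None                           # step C2: the resolver is never called
    return {"domain": domain, "ip": resolver(domain)}


if __name__ == "__main__":
    white, black = {"example.com"}, {"ads.example.com"}
    fake = lambda name: "192.0.2.10"          # constructed stand-in for a resolver
    for name in ["mail.example.com", "ads.example.com", "evilexample.com"]:
        print(name, handle_dns_query(build_query(name), white, black, fake))
```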
This completes the description of the cloud mobile phone network access control method provided by the embodiment of the application.
Based on the same inventive concept, as an implementation of the method, the embodiment of the application also provides a cloud mobile phone network access control device. The cloud mobile phone network access control device is applied to a cloud mobile phone.
Fig. 4 is a schematic structural diagram of a cloud mobile phone network access control device according to an embodiment of the present application, and referring to fig. 4, the device may include: an acquisition module 41 and an access control module 42. Wherein the acquisition module 41 is connected with the access control module 42.
The acquiring module 41 is configured to acquire a management and control policy of a target cloud mobile phone sent by a cloud server, where each cloud mobile phone and a corresponding management and control policy thereof are stored in the cloud server;
the access control module 42 is configured to control the target cloud mobile phone to perform network access according to a management policy of the target cloud mobile phone.
Further, as a refinement and extension to the device shown in fig. 4, the embodiment of the application further provides a cloud mobile phone network access control device.
Fig. 5 is a second schematic structural diagram of a cloud mobile phone network access control device according to an embodiment of the present application, and referring to fig. 5, the device may include: a transmitting module 51, an acquiring module 52 and an access control module 53. Wherein the sending module 51, the obtaining module 52 and the access control module 53 are sequentially connected.
The cloud server stores user identity information of each cloud mobile phone and corresponding management and control strategies.
The sending module 51 is configured to send user identity information of the target cloud mobile phone to the cloud server, so that the cloud server determines a management and control policy of the target cloud mobile phone according to the user identity information of the target cloud mobile phone, and sends the management and control policy of the target cloud mobile phone to the target cloud mobile phone.
The acquisition module 52 includes: a receiving unit 521 and a transmitting unit 522. Wherein the receiving unit 521 is connected to the transmitting unit 522.
The receiving unit 521 is configured to receive the management and control policy through a management and control receiving program in the target cloud mobile phone.
The transmission unit 522 is configured to send the management and control policy to a network control process of the target cloud mobile phone, so that the network control process controls network access of the target cloud mobile phone according to the management and control policy.
The access control module 53 includes: interception unit 531, judgment unit 532, presentation unit 533, analysis unit 534, prohibition unit 535, access unit 536, and blocking unit 537. The interception unit 531 is connected to the judgment unit 532, the judgment unit 532 is connected to the presentation unit 533, the analysis unit 534, and the prohibition unit 535, the analysis unit 534 is connected to the access unit 536, and the prohibition unit 535 is connected to the blocking unit 537.
The interception unit 531 is configured to intercept the access request of the target cloud mobile phone.
The judging unit 532 is configured to judge whether the access request is allowed according to the management and control policy of the target cloud mobile phone. If yes, the access unit 536 is entered; if not, the blocking unit 537 is entered.
The management and control strategy comprises an object white list and/or an object black list, wherein the object white list contains the objects which are allowed to be accessed, and the object black list contains the objects which are forbidden to be accessed.
A judging unit 532, configured to obtain an object to be accessed from the access request; judging whether the object is in the object white list and/or the object black list; if the object is in the object white list, or the object is not in the object black list, or the object is in the object white list and is not in the object black list, determining that the access request allows access; if the object is not in the object white list, or the object is in the object black list, or the object is not in the object white list and is in the object black list, determining that the access request is forbidden to access; and if the object is not in the object white list and is not in the object black list, sending inquiry information of the access request to the cloud server so that the cloud server determines whether the access request allows access.
The prompt unit 533 is configured to send prompt information about a list error to the cloud server if the object is in the object white list and in the object black list.
The control strategy also comprises an application white list and/or an application black list, wherein the application white list comprises applications allowing access to be initiated, and the application black list comprises applications prohibiting access to be initiated.
A judging unit 532, configured to obtain an application that initiates access from the access request; judging whether the application is in the application white list and/or the application black list; and if the application is in the application white list and the object is in the object white list, or the application is not in the application black list and the object is not in the object black list, or the application is in the application white list and is not in the application black list and the object is in the object white list and is not in the object black list, determining that the access request allows access.
Each application in the application white list has a corresponding relation with a corresponding object in the object white list, and the corresponding relation is used for indicating that the object is allowed to be accessed through the application.
The determining unit 532 is further specifically configured to determine that the access request allows access if the application is in the application white list, the object is in the object white list, and the object has the correspondence with the application.
The application white list and the application black list both comprise application identifiers.
The judging unit 532 is further specifically configured to obtain an identifier of the application; and judging whether the identification is matched with the application identification in the application white list and/or the application black list.
The object whitelist comprises a domain name whitelist, the object blacklist comprises a domain name blacklist, the access request comprises a domain name resolution request, and the object comprises a domain name.
A parsing unit 534, configured to obtain an internet protocol IP address corresponding to the domain name; and generating request information based on the IP address, wherein the request information is used for being sent to the cloud server.
The prohibiting unit 535 is configured to refuse to acquire the IP address corresponding to the domain name, so that the target cloud mobile phone cannot access the network through the IP address.
The access unit 536 is configured to send the access request to the cloud server, so as to perform network access through the cloud server.
The blocking unit 537 is configured to refuse to send the access request to the cloud server, so that the cloud mobile phone cannot perform network access.
It should be noted here that the description of the above device embodiments is similar to the description of the method embodiments described above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus of the present application, please refer to the description of the embodiments of the method of the present application.
Based on the same inventive concept, an embodiment of the application also provides a cloud mobile phone. Fig. 6 is a schematic structural diagram of a cloud mobile phone according to an embodiment of the present application. Referring to Fig. 6, the cloud mobile phone may include: a processor 61, a memory 62, and a bus 63; the processor 61 and the memory 62 communicate with each other through the bus 63; the processor 61 is configured to invoke program instructions in the memory 62 to perform the methods in one or more of the embodiments described above.
It should be noted here that the description of the above embodiments of the electronic device is similar to the description of the above embodiments of the method, with similar advantageous effects as the embodiments of the method. For technical details not disclosed in the embodiments of the electronic device of the present application, please refer to the description of the method embodiments of the present application for understanding.
Based on the same inventive concept, embodiments of the present application also provide a computer-readable storage medium, which may include: a stored program; wherein the program, when executed, controls a device in which the storage medium resides to perform the methods of one or more of the embodiments described above.
It should be noted here that the description of the above embodiments of the storage medium is similar to the description of the above embodiments of the method, with similar advantageous effects as the embodiments of the method. For technical details not disclosed in the storage medium embodiments of the present application, please refer to the description of the method embodiments of the present application for understanding.
The foregoing is merely illustrative of the present application, which is not limited thereto; any variation or substitution that a person skilled in the art can readily conceive falls within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A cloud mobile phone network access control method, characterized in that the method is applied to a target cloud mobile phone and comprises:
acquiring a management and control policy of the target cloud mobile phone sent by a cloud server, wherein each cloud mobile phone and its corresponding management and control policy are stored in the cloud server;
and controlling the target cloud mobile phone to access the network according to the management and control policy of the target cloud mobile phone.
2. The method of claim 1, wherein the cloud server stores user identity information of each cloud mobile phone and a corresponding management and control policy thereof; before acquiring the management and control policy of the target cloud mobile phone sent by the cloud server, the method further comprises the following steps:
and sending the user identity information of the target cloud mobile phone to the cloud server, so that the cloud server determines the management and control policy of the target cloud mobile phone according to the user identity information of the target cloud mobile phone and sends the management and control policy of the target cloud mobile phone to the target cloud mobile phone.
3. The method of claim 1, wherein the controlling the target cloud mobile phone to access the network according to the management and control policy of the target cloud mobile phone comprises:
intercepting an access request of the target cloud mobile phone;
judging whether the access request allows access according to the management and control policy of the target cloud mobile phone;
if yes, sending the access request to the cloud server so as to access the network through the cloud server;
if not, refusing to send the access request to the cloud server, so that the cloud mobile phone cannot access the network.
4. The method of claim 3, wherein the management and control policy includes an object whitelist and/or an object blacklist, the object whitelist includes objects that are allowed to be accessed, and the object blacklist includes objects that are forbidden to be accessed; the judging whether the access request allows access according to the management and control policy of the target cloud mobile phone includes:
acquiring an object to be accessed from the access request;
judging whether the object is in the object white list and/or the object black list;
if the object is in the object white list, or the object is not in the object black list, or the object is in the object white list and is not in the object black list, determining that the access request allows access;
if the object is not in the object white list, or the object is in the object black list, or the object is not in the object white list and is in the object black list, determining that the access request is forbidden to access;
if the object is not in the object white list and is not in the object black list, sending query information of the access request to the cloud server so that the cloud server determines whether the access request allows access or not;
the method further comprises:
and if the object is in the object white list and in the object black list, sending prompt information of list errors to the cloud server.
5. The method according to claim 4, wherein the control policy further comprises an application white list and/or an application black list, the application white list includes applications that allow access to be initiated, and the application black list includes applications that prohibit access to be initiated; before determining that the access request allows access, the method further comprises:
acquiring an application initiating access from the access request;
judging whether the application is in the application white list and/or the application black list;
and the determining that the access request allows access if the object is in the object white list, or the object is not in the object black list, or the object is in the object white list and not in the object black list, comprises:
and if the application is in the application white list and the object is in the object white list, or the application is not in the application black list and the object is not in the object black list, or the application is in the application white list and is not in the application black list and the object is in the object white list and is not in the object black list, determining that the access request allows access.
6. The method of claim 5, wherein each application in the application whitelist has a correspondence with a corresponding object in the object whitelist, the correspondence indicating that the object is allowed to be accessed through the application; and the determining that the access request allows access if the application is in the application white list and the object is in the object white list comprises:
and if the application is in the application white list, the object is in the object white list, and the corresponding relation exists between the object and the application, determining that the access request allows access.
7. The method of claim 5, wherein the application white list and the application black list each include an application identifier; the determining whether the application is in the application white list and/or the application black list comprises:
acquiring an identification of the application;
and judging whether the identifier matches an application identifier in the application white list and/or the application black list.
8. The method of claim 4, wherein the object whitelist comprises a domain name whitelist, the object blacklist comprises a domain name blacklist, the access request comprises a domain name resolution request, and the object comprises a domain name; after determining that the access request allows access, the method further comprises:
acquiring an Internet Protocol (IP) address corresponding to the domain name; generating request information based on the IP address, wherein the request information is to be sent to the cloud server;
after determining that the access request is forbidden to access, the method further comprises:
and refusing to acquire the Internet Protocol (IP) address corresponding to the domain name so that the target cloud mobile phone cannot access the network through the IP address.
9. The method according to any one of claims 1 to 8, wherein the acquiring a management and control policy of the target cloud mobile phone sent by the cloud server includes:
receiving the management and control policy through a control receiving program in the target cloud mobile phone;
and sending the management and control policy to a network control process of the target cloud mobile phone, so that the network control process controls network access of the target cloud mobile phone according to the management and control policy.
10. A cloud mobile phone network access control device, wherein the device is applied to a target cloud mobile phone, the device comprising:
the cloud server is used for storing the management and control policies of the target cloud mobile phones and the cloud mobile phones;
and an access control module, configured to control the target cloud mobile phone to perform network access according to the management and control policy of the target cloud mobile phone.
11. A cloud mobile phone, the cloud mobile phone comprising: a processor, a memory, and a bus; the processor and the memory communicate with each other through the bus; the processor is configured to invoke program instructions in the memory to perform the method of any of claims 1 to 9.
12. A computer-readable storage medium, the storage medium comprising: a stored program; wherein the program, when run, controls a device in which the storage medium is located to perform the method of any one of claims 1 to 9.
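The list evaluation of claims 4 to 6 (performed by the judging unit 532 in the device embodiment) can be written as a small decision function; the following is an added illustration, not code from the patent or the applicant. It reads the three "or" branches of claim 4 as the three possible configurations (white list only, black list only, both), and every name in it, the fail-closed default when no list is configured, the "strictest verdict wins" combination of application and object results, and the domain normalization are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Verdict(Enum):
    ALLOW = "allow"            # forward the request to the cloud server
    DENY = "deny"              # refuse to forward it
    QUERY = "query_server"     # on neither list: ask the cloud server
    LIST_ERROR = "list_error"  # on both lists: report the conflict

@dataclass
class Policy:                  # None means "this list is not configured"
    obj_white: Optional[set] = None
    obj_black: Optional[set] = None
    app_white: Optional[set] = None
    app_black: Optional[set] = None
    app_objects: dict = field(default_factory=dict)  # claim 6: app -> domains

def check_lists(item, white, black):
    """Claim 4 rules for one item against a white list and/or black list."""
    in_w = white is not None and item in white
    in_b = black is not None and item in black
    if white is not None and black is not None and in_w == in_b:
        return Verdict.LIST_ERROR if in_w else Verdict.QUERY
    if white is not None:
        return Verdict.ALLOW if in_w else Verdict.DENY
    if black is not None:
        return Verdict.DENY if in_b else Verdict.ALLOW
    return Verdict.DENY        # assumption: no list configured, fail closed

_SEVERITY = [Verdict.ALLOW, Verdict.QUERY, Verdict.DENY, Verdict.LIST_ERROR]

def decide(policy, app_id, domain):
    domain = domain.strip().lower().rstrip(".")  # lists assumed normalized too
    obj = check_lists(domain, policy.obj_white, policy.obj_black)
    if policy.app_white is None and policy.app_black is None:
        return obj             # claim 4 only: no application lists
    app = check_lists(app_id, policy.app_white, policy.app_black)
    verdict = max(obj, app, key=_SEVERITY.index)  # assumption: strictest wins
    if verdict is Verdict.ALLOW and policy.app_objects:
        if domain not in policy.app_objects.get(app_id, set()):
            return Verdict.DENY  # claim 6: app not mapped to this object
    return verdict

# Constructed sample policy; docs.example.com is deliberately on both lists.
POLICY = Policy(obj_white={"mail.example.com", "docs.example.com"},
                obj_black={"ads.example.net", "docs.example.com"},
                app_white={"com.example.mail", "com.example.office"},
                app_objects={"com.example.mail": {"mail.example.com"}})
```

Normalizing the requested name before the lookup keeps a mixed-case or trailing-dot spelling of a black-listed domain from falling through to the "on neither list" branch.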
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311101385.6A CN117118712A (en) 2023-08-29 2023-08-29 Cloud mobile phone network access control method and device, cloud mobile phone and storage medium

Publications (1)

Publication Number Publication Date
CN117118712A true CN117118712A (en) 2023-11-24

Family

ID=88797959

Country Status (1)

Country Link
CN (1) CN117118712A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination